Representative image / Pixabay

Last week, while Ram was browsing his X feed, a DM from a familiar-seeming account appeared. Despite years of caution as a sophisticated user with over 43,000 followers, Ram was momentarily distracted and clicked the link in the DM—something he had never done before. His X account was hacked, and as of this writing, hackers still control it.

“I no longer believe the account will be recovered by me,” said Ram in a WhatsApp exchange. He says he no longer cares either way. Ram shares his story not because it is unique, but because it shows how broken the platform has become for those who use and pay for it.

The incident began with a direct message from a familiar name and profile picture. Almost immediately after clicking the link, Ram realized his mistake. Minutes later, he tried to revoke permissions and change his password, but it was already too late.

ALSO READ: AI, deepfakes driving surge in U.S. scams

“The hackers,” said Ram, “exploited loopholes in X’s security. Normally, a password change triggers an email alert. I received none. The next day, I got an alert about a change to my email address, which I managed to reverse.”

Up until then, Ram still had access to his X account. He noticed a single crypto scam message posted from it the next day and promptly deleted it.

What happened next was telling. Shortly after, Ram tried to revoke device access again, and the system prompted him for his password. At that point, he realized he was permanently logged out. “Despite repeated reset attempts, nothing worked. The hackers had full control,” said Ram.

What struck Ram most was the sophistication of the operation. “This was not the work of opportunistic hackers moving in haste. Instead, the attackers demonstrated high confidence that X could not detect or shut down such activity. They took their time.”

Days passed before the hackers posted the first crypto scam message. Then, they sent DMs at a slow, deliberate pace to avoid detection. The verified crypto coach account they promoted had been active since December 2025. This was a patient, methodical operation with a practiced playbook.

“Once the crypto scam had run its course, the hackers pivoted,” Ram said. The account started messaging contacts about a contest, asking them to vote. Predictably, the links led to phishing traps. One account became a launchpad for compromising the next.

Ram is baffled by how easily X architecture could identify such scam links and shut them down proactively. Yet X does not act. The patterns are obvious and have been repeatedly flagged by users, yet the offending accounts continue.

Ram set up a backup account in hopes of disseminating his story, which may help him regain access to his account and warn others. He has heard from others who managed to regain control of their accounts, only to discover that the recovery was superficial. In many cases, the hackers retained some level of access, meaning the accounts were never truly restored.

Jonathan Turley, a professor at George Washington University Law School, and Robert Malone, a physician and biochemist, also discussed a similar phishing scam to alert people about it. “I just wanted to warn other X users of a phishing scam. Last night, I received a warning about copyright violations, purportedly from X, saying they would suspend the account unless I filed an appeal. ("To avoid suspension, please submit an appeal within 48 hours. Failure to do so may result in account suspension under X’s repeat-infringer policy."). I confirmed that it was a scam and did not appeal. However, it looked very real, including the inclusion of two past postings,” posted Turley on X.

Then there is X’s customer support—or lack thereof. “Most platforms send auto-replies within minutes. On X, responses took days,” Ram said. “When they came, it was clear no one reviewed my case. Obvious evidence was missed, and X did not lock or freeze the account. The scams continued.”

Recalling his agony in dealing with X customer services, Ram concluded that “my experience in dealing with X’s customer service makes me believe that the platform is indifferent to—or even tolerant of—the problem.” 

Ram knows account holders must be careful about what they click. Still, no system can assume users are perfect. “Everyone has lapses in judgment. My mistake was foolish, but I overestimated X’s ability to detect and respond to a clear hack.”

Ram assumed the platform’s algorithms would flag sudden, unusual behavior and that someone at X would review his case and act within days.

None of that happened.

“The perception is that Elon Musk gutted support to cut costs, turning the platform into the wild west. Users pay for X Premium, yet even free email services offer better support,” said Ram.

For Ram, the risk now feels too high to justify returning to the platform. He holds little hope for meaningful improvement. His advice: beware—X’s failure to protect users leaves everyone vulnerable until true responsibility is taken.

Read more stories on NewIndiaAbroad